package tigase.server.xmppserver.proc;

import java.util.List;
import java.util.Map;
import java.util.Queue;
import java.util.Set;
import java.util.concurrent.CopyOnWriteArraySet;
import java.util.concurrent.TimeUnit;
import java.util.logging.Level;
import java.util.logging.Logger;
import tigase.cert.CertCheckResult;
import tigase.db.AuthRepository;
import tigase.io.SSLContextContainerIfc;
import tigase.net.ConnectionType;
import tigase.net.IOService;
import tigase.server.Packet;
import tigase.server.xmppserver.CID;
import tigase.server.xmppserver.CIDConnections;
import tigase.server.xmppserver.LocalhostException;
import tigase.server.xmppserver.NotLocalhostException;
import tigase.server.xmppserver.S2SIOService;
import tigase.server.xmppserver.proc.S2SAbstractProcessor;
import tigase.util.Algorithms;
import tigase.util.TimerTask;
import tigase.xml.Element;
import tigase.xmpp.JID;
import tigase.xmpp.StanzaType;

/* loaded from: input_file:tigase/server/xmppserver/proc/Dialback.class */
public class Dialback extends S2SAbstractProcessor {
    private static final Logger log = Logger.getLogger(Dialback.class.getName());
    private static final Element features_required = new Element("dialback", new Element[]{new Element("required")}, new String[]{"xmlns"}, new String[]{"urn:xmpp:features:dialback"});
    private static final Element features = new Element("dialback", new String[]{"xmlns"}, new String[]{"urn:xmpp:features:dialback"});
    private static final String REQUESTED_RESULT_DOMAINS_KEY = "requested-result-domains-key";
    private long authenticationTimeOut = 30;
    private boolean ejabberd_bug_workaround_active;

    /* loaded from: input_file:tigase/server/xmppserver/proc/Dialback$AuthenticationTimer.class */
    private class AuthenticationTimer extends TimerTask {
        private S2SIOService serv;

        private AuthenticationTimer(S2SIOService s2SIOService) {
            this.serv = null;
            this.serv = s2SIOService;
        }

        @Override // java.lang.Runnable
        public void run() {
            if (this.serv.isAuthenticated() || !this.serv.isConnected()) {
                return;
            }
            if (Dialback.log.isLoggable(Level.FINE)) {
                Dialback.log.log(Level.FINE, "Connection not authenticated within timeout, stopping: {0}", this.serv);
            }
            this.serv.stop();
        }
    }

    public Dialback() {
        this.ejabberd_bug_workaround_active = false;
        if (System.getProperty("s2s-ejabberd-bug-workaround-active") == null) {
            System.setProperty("s2s-ejabberd-bug-workaround-active", SSLContextContainerIfc.ALLOW_SELF_SIGNED_CERTS_VAL);
        }
        this.ejabberd_bug_workaround_active = Boolean.getBoolean("s2s-ejabberd-bug-workaround-active");
    }

    @Override // tigase.server.xmppserver.S2SProcessor
    public int order() {
        return S2SAbstractProcessor.Order.Dialback.ordinal();
    }

    @Override // tigase.server.xmppserver.proc.S2SAbstractProcessor, tigase.server.xmppserver.S2SProcessor
    public boolean process(Packet packet, S2SIOService s2SIOService, Queue<Packet> queue) {
        CID cid = (CID) s2SIOService.getSessionData().get("cid");
        boolean skipTLSForHost = cid == null ? false : skipTLSForHost(cid.getRemoteHost());
        if (packet.getXMLNS() == "jabber:server:dialback") {
            if (log.isLoggable(Level.FINEST)) {
                log.log(Level.FINEST, "{0}, Processing dialback packet: {1}", new Object[]{s2SIOService, packet});
            }
            processDialback(packet, s2SIOService);
            return true;
        }
        if (!packet.isElement("features", "http://etherx.jabber.org/streams")) {
            return false;
        }
        if (log.isLoggable(Level.FINEST)) {
            log.log(Level.FINEST, "{0}, Stream features received packet: {1}", new Object[]{s2SIOService, packet});
        }
        CertCheckResult certCheckResult = (CertCheckResult) s2SIOService.getSessionData().get(IOService.CERT_CHECK_RESULT);
        if (log.isLoggable(Level.FINEST)) {
            log.log(Level.FINEST, "{0}, TLS Certificate check: {1}, packet: {2}", new Object[]{s2SIOService, certCheckResult, packet});
        }
        if (packet.isXMLNSStaticStr(FEATURES_STARTTLS_PATH, "urn:ietf:params:xml:ns:xmpp-tls") && certCheckResult == null && !skipTLSForHost) {
            if (!log.isLoggable(Level.FINEST)) {
                return true;
            }
            log.log(Level.FINEST, "{0}, Waiting for starttls, packet: {1}", new Object[]{s2SIOService, packet});
            return true;
        }
        if (certCheckResult == CertCheckResult.trusted && !packet.isXMLNSStaticStr(FEATURES_DIALBACK_PATH, "urn:xmpp:features:dialback")) {
            if (!this.ejabberd_bug_workaround_active) {
                if (log.isLoggable(Level.FINEST)) {
                    log.log(Level.FINEST, "{0}, TLS trusted peer, no dialback needed or requested, packet: {1}", new Object[]{s2SIOService, packet});
                }
                try {
                    this.handler.getCIDConnections(cid, true).connectionAuthenticated(s2SIOService);
                    return true;
                } catch (LocalhostException e) {
                    log.log(Level.INFO, "{0}, Incorrect remote hostname name, packet: {1}", new Object[]{s2SIOService, packet});
                    s2SIOService.stop();
                    return true;
                } catch (NotLocalhostException e2) {
                    log.log(Level.INFO, "{0}, Incorrect local hostname, packet: {1}", new Object[]{s2SIOService, packet});
                    s2SIOService.forceStop();
                    return true;
                }
            }
            if (log.isLoggable(Level.FINEST)) {
                log.log(Level.FINEST, "{0}, Ejabberd bug workaround active, proceeding to dialback anyway, packet: {1}", new Object[]{s2SIOService, packet});
            }
        }
        if (!skipTLSForHost && cid != null && !s2SIOService.getSessionData().containsKey("TLS") && this.handler.isTlsRequired(cid.getLocalHost())) {
            log.log(Level.FINER, "{0}, TLS is required for domain {1} but STARTTLS was not offered by {2} - policy-violation", new Object[]{s2SIOService, cid.getLocalHost(), cid.getRemoteHost()});
            s2SIOService.forceStop();
            return true;
        }
        if (log.isLoggable(Level.FINEST)) {
            log.log(Level.FINEST, "{0}, Initializing dialback, packet: {1}", new Object[]{s2SIOService, packet});
        }
        initDialback(s2SIOService, s2SIOService.getSessionId());
        return false;
    }

    @Override // tigase.server.xmppserver.proc.S2SAbstractProcessor, tigase.server.xmppserver.S2SProcessor
    public void serviceStarted(S2SIOService s2SIOService) {
        this.handler.addTimerTask(new AuthenticationTimer(s2SIOService), this.authenticationTimeOut, TimeUnit.SECONDS);
    }

    @Override // tigase.server.xmppserver.proc.S2SAbstractProcessor, tigase.server.xmppserver.S2SProcessor
    public void streamFeatures(S2SIOService s2SIOService, List<Element> list) {
        if (((CertCheckResult) s2SIOService.getSessionData().get(IOService.CERT_CHECK_RESULT)) == CertCheckResult.trusted) {
            list.add(features);
        } else {
            list.add(features_required);
        }
    }

    @Override // tigase.server.xmppserver.proc.S2SAbstractProcessor, tigase.server.xmppserver.S2SProcessor
    public String streamOpened(S2SIOService s2SIOService, Map<String, String> map) {
        if (map.containsKey("version")) {
            return null;
        }
        switch (s2SIOService.connectionType()) {
            case connect:
                initDialback(s2SIOService, map.get("id"));
                return null;
            default:
                return null;
        }
    }

    private void initDialback(S2SIOService s2SIOService, String str) {
        try {
            CID cid = (CID) s2SIOService.getSessionData().get("cid");
            String generateDialbackKey = Algorithms.generateDialbackKey(cid.getLocalHost(), cid.getRemoteHost(), this.handler.getSecretForDomain(cid.getLocalHost()), str);
            if (!s2SIOService.isHandshakingOnly()) {
                Element element = new Element("db:result", generateDialbackKey, new String[]{"xmlns:db"}, new String[]{"jabber:server:dialback"});
                addToResultRequested(s2SIOService, cid.getRemoteHost());
                s2SIOService.getS2SConnection().addControlPacket(Packet.packetInstance(element, JID.jidInstanceNS(cid.getLocalHost()), JID.jidInstanceNS(cid.getRemoteHost())));
            }
            s2SIOService.getS2SConnection().sendAllControlPackets();
        } catch (NotLocalhostException e) {
            generateStreamError(false, "host-unknown", s2SIOService);
        }
    }

    private void processDialback(Packet packet, S2SIOService s2SIOService) {
        boolean z;
        String generateDialbackKey;
        boolean z2;
        CID cid = (CID) s2SIOService.getSessionData().get("cid");
        CID cid2 = new CID(packet.getStanzaTo().getDomain(), packet.getStanzaFrom().getDomain());
        if (log.isLoggable(Level.FINEST)) {
            log.log(Level.FINEST, "{0}, DIALBACK packet: {1}, CID_packet: {2}", new Object[]{s2SIOService, packet, cid2});
        }
        if (cid == null) {
            cid = cid2;
            s2SIOService.getSessionData().put("cid", cid);
            s2SIOService.getSessionData().put("local-hostname", cid.getLocalHost());
            s2SIOService.getSessionData().put("remote-hostname", cid.getRemoteHost());
        }
        try {
            CIDConnections cIDConnections = this.handler.getCIDConnections(cid, true);
            if (s2SIOService.connectionType() == ConnectionType.accept) {
                cIDConnections.addIncoming(s2SIOService);
            }
            String elemCData = packet.getElemCData();
            if (packet.getElemName() == AuthRepository.RESULT_KEY || packet.getElemName() == "db:result") {
                if (packet.getType() == null) {
                    CID cid3 = (CID) s2SIOService.getSessionData().get("cid");
                    if (skipTLSForHost(cid3.getRemoteHost()) || s2SIOService.getSessionData().containsKey("TLS") || !this.handler.isTlsRequired(cid3.getLocalHost())) {
                        this.handler.sendVerifyResult("db:verify", cid, cid2, null, s2SIOService.getSessionId(), null, packet.getElemCData(), true);
                    } else {
                        log.log(Level.FINER, "{0}, rejecting S2S connection from {1} to {2} due to policy violation - STARTTLS is required", new Object[]{s2SIOService, cid3.getRemoteHost(), cid3.getLocalHost()});
                        this.handler.sendVerifyResult("db:result", cid, cid2, false, null, s2SIOService.getSessionId(), null, false, new Element("error", new Element[]{new Element("policy-violation", new String[]{"xmlns"}, new String[]{"urn:ietf:params:xml:ns:xmpp-stanzas"})}, new String[]{"type"}, new String[]{"cancel"}));
                    }
                } else if (packet.getType() != StanzaType.valid) {
                    if (log.isLoggable(Level.FINE)) {
                        log.log(Level.FINE, "Invalid result for DB authentication: {0}, stopping connection: {1}", new Object[]{cid2, s2SIOService});
                    }
                    s2SIOService.stop();
                } else if (wasResultRequested(s2SIOService, packet.getStanzaFrom().toString())) {
                    cIDConnections.connectionAuthenticated(s2SIOService);
                } else if (log.isLoggable(Level.FINE)) {
                    log.log(Level.FINE, "Received result with type valid for {0} but it was not requested!", packet.getStanzaFrom());
                }
            }
            if (packet.getElemName() == "verify" || packet.getElemName() == "db:verify") {
                if (packet.getType() != null) {
                    if (wasVerifyRequested(s2SIOService, packet.getStanzaFrom().toString())) {
                        this.handler.sendVerifyResult("db:result", cid, cid2, Boolean.valueOf(packet.getType() == StanzaType.valid), null, packet.getStanzaId(), null, false);
                        cIDConnections.connectionAuthenticated(packet.getStanzaId());
                    } else if (log.isLoggable(Level.FINE)) {
                        log.log(Level.FINE, "received verify for {0} but it was not requested!", packet.getStanzaFrom());
                    }
                    if (s2SIOService.isHandshakingOnly()) {
                        s2SIOService.stop();
                        return;
                    }
                    return;
                }
                try {
                    generateDialbackKey = Algorithms.generateDialbackKey(cid2.getLocalHost(), cid2.getRemoteHost(), this.handler.getSecretForDomain(cid2.getLocalHost()), packet.getStanzaId());
                    if (generateDialbackKey == null && log.isLoggable(Level.FINER)) {
                        log.log(Level.FINER, "The key is not available for connection CID: {0}, or the packet CID: {1} ", new Object[]{cid, cid2});
                    }
                } catch (NotLocalhostException e) {
                    if (log.isLoggable(Level.FINER)) {
                        log.log(Level.FINER, "Could not retreive secret for " + cid2.getLocalHost(), (Throwable) e);
                    }
                    z = false;
                }
                if (generateDialbackKey != null) {
                    if (generateDialbackKey.equals(elemCData)) {
                        z2 = true;
                        z = z2;
                        this.handler.sendVerifyResult("db:verify", cid, cid2, Boolean.valueOf(z), packet.getStanzaId(), s2SIOService.getSessionId(), null, false);
                    }
                }
                z2 = false;
                z = z2;
                this.handler.sendVerifyResult("db:verify", cid, cid2, Boolean.valueOf(z), packet.getStanzaId(), s2SIOService.getSessionId(), null, false);
            }
        } catch (LocalhostException e2) {
            log.log(Level.FINER, "{0} Incorrect remote hostname: {1}", new Object[]{s2SIOService, packet});
            generateStreamError(false, "invalid-from", s2SIOService);
        } catch (NotLocalhostException e3) {
            log.log(Level.FINER, "{0} Incorrect local hostname: {1}", new Object[]{s2SIOService, packet});
            generateStreamError(false, "host-unknown", s2SIOService);
        }
    }

    private void addToResultRequested(S2SIOService s2SIOService, String str) {
        Set set = (Set) s2SIOService.getSessionData().get(REQUESTED_RESULT_DOMAINS_KEY);
        if (set == null) {
            CopyOnWriteArraySet copyOnWriteArraySet = new CopyOnWriteArraySet();
            set = (Set) s2SIOService.getSessionData().putIfAbsent(REQUESTED_RESULT_DOMAINS_KEY, copyOnWriteArraySet);
            if (set == null) {
                set = copyOnWriteArraySet;
            }
        }
        set.add(str);
    }

    private boolean wasResultRequested(S2SIOService s2SIOService, String str) {
        Set set = (Set) s2SIOService.getSessionData().get(REQUESTED_RESULT_DOMAINS_KEY);
        return set != null && set.contains(str);
    }

    private boolean wasVerifyRequested(S2SIOService s2SIOService, String str) {
        String str2 = (String) s2SIOService.getSessionData().get(S2SIOService.HANDSHAKING_DOMAIN_KEY);
        return str2 != null && str2.contains(str);
    }
}
